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DETAILED ACTION 
Claim Rejections - 35 USC § 102 
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

1. Claims 1-3 and 5 are rejected under 35 U.S.C. 102(e) as being anticipated by 
See (2003/0021283). 

Regarding claim 1, See describes a system of controlling usage of network 
resources on a communication network, comprising: 

(A) creating one or more packet rules (policy rules) for analyzing packets 
received at one or more devices of the communications network, each rule including a 
condition and action to be taken if a packet received at a device satisfies the condition 
(fig. 4 and paragraph 35); 

(B) creating one or more service abstractions (policy groups), each service 
abstraction representing a [named] set of one or more of the packet rules (paragraph 
35, "According to one embodiment, the policy rules are organized into policy groups 
based on a rule type 52"; 

(C) associating one or more of the service abstractions with a user (computer 
host) of the communications network (paragraph 27, where network devices may be 
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computer hosts, which is the user of the communications networl^, and paragraph 30, 
"According to one embodiment, the policies relevant to a particular network device 24, 
26, 28 are selected based on a role assigned to the device" and paragraph 35, "A rule 
type may organize policies into role policies"). 

Regarding claim 2, See describes all limitations set forth in claim 1. See further 
describes: 

(C) configuring a network device of the communications network with one or 
more packet rules according to at least one of the service abstractions (policy groups) 
(paragraph 26, "The policy repository 22 stores a plurality of policy rules that may be 
used by the network devices 24, 26, 28 to control different network elements" and 
paragraph 38, "The action 58 may be identifying a policy group based on a device 
attribute..") 

Regarding claim 3, See describes all limitations set forth in claim 2. See further 
describes: 

configuring a port module of a switching device of the communications network 
with one or more packet rules according to at least one of the service abstractions 
(paragraph 22, "According to one embodiment, the network policies are used to .. 
disable network ports based on predetermined conditions,") 

Regarding claim 5, See describes all limitations set forth in claim 1. See further 
describes: 

(C) distributing the one or more service abstractions to one or more network 
devices residing on the communications network (paragraph 30, "According to one 
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embodiment, the policies relevant to a particular network device 24, 26, 28 are selected 
based on a role assigned to the device" and paragraph 35, "A rule type may organize 
policies into role policies"). 



Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which fomns the basis for all 

obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and the prior 
art are such that the subject matter as a whole would have been obvious at the time the invention was made to 
a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be 
negatived by the manner in which the invention was made. 

2. Claim 4 rejected under 35 U.S.C. 103(a) as being unpatentable over See in view 
of Nessett (5,968,176). 

See describes all limitations set forth in claim 2. See further describes that the 
network devices may be gateways devices such as hubs, bridges, router & switches 
(paragraph 27). See lacks what Nessett specifically describes: 

configuring a firewall of a network device of the communications network with 
one or more packet rules according to at least one of the service abstractions (abstract, 
where the network devices incorporate firewall functionality). 

It would have been obvious to one with ordinary skill in the art at the time of 
invention by applicant to specify firewall (functionality) in network devices. The 
motivation being that firewall functionality is a common yet important aspect to an 
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overall (private) network for security (Nessett, coL 2, lines 9-11, "Traditionally, firewalls 
are implemented as border equipment, such as routers and application proxy gateways 
that protect a private network from external attack.) 

3. Claim 7-9, and 11-12, 27-29 and 31-32 are rejected under 35 U.S.C. 103(a) as 
being unpatentable over See in view of Azarmi (5,905,715). 

Regarding claim 7, See describes all limitations set forth in claim 1. See lacks 
what Azarmi describes: 

(C) creating one or more role abstractions (feature-describing data set), each role 
abstraction representing a role of a user with respect to the communications network 
(manageable aspect of the communications network), and each role abstraction 
including a set of one more service abstractions (management rule profiles) (col. 2, lines 
42-51). 

It would have been obvious to one with ordinary skill in the art at the time of 
invention by applicant to specify (another) role abstraction layer to group the (existing) 
service abstraction layer. The motivation being that "It defines a structural architecture 
within which business processes, and therefore management systems required to 
provide services on a network", Azamii, col. 2, lines 10-12. 

Regarding claim 8, See and Azarmi combined describes all limitations set forth 
in claim 7. See and Azarmi further describe: 

(D) configuring a network device of the communications network with one or 
more packet rules according to one of the role abstractions (See, paragraph 26, "The 
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policy repository 22 stores a plurality of policy rules that may be used by the network 
devices 24, 26, 28 to control different network elements" and See, paragraph 38, "The 
action 58 may be identifying a policy group based on a device attribute.." where the 
policy group [i.e. sen/ice abstraction layer] is replaced byAzarmi's feature set [i.e. role 
abstraction layer]). 

Regarding claim 9, See and Azarmi combined describe all limitations set forth in 
claim 8. See and Azarmi further describe: 

configuring a port module of a switching device of the communications network 
with one or more packet rules according to at least one of the role abstractions (See, 
paragraph 22, "According to one embodiment, the network policies are used to .. 
disable network ports based on predetermined conditions", where the policy (group) [i.e. 
service abstraction layer] Is replaced by Azarmi's feature set [i.e. role abstraction layer]). 

Regarding claim 11, See and Azarmi combined describe all limitations set forth 
in claim 7. See and Azarmi further describe: 

(D) distributing the one or more role abstractions to one or more network devices 
residing on the communications network (See, paragraph 30, "According to one 
embodiment, the policies relevant to a particular network device 24, 26, 28 are selected 
based on a role assigned to the device" and See, paragraph 35, "A rule type may 
organize policies into role policies", where the role (policy) [i.e. service abstraction layer] 
is replaced by Azarmi's feature set [i.e. role abstraction layer]). 

Regarding claim 12, See and Azarmi combined describe all limitations set forth 
in claim 7. See and Azarmi further describe: 
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(D) associating one or more of the role abstractions with a user (computer host) 
of the communications network (paragraph 27, where networl< devices may be 
computer hosts, and paragraph 30, "According to one embodiment, the policies relevant 
to a particular network device 24, 26, 28 are selected based on a role assigned to the 
device" and paragraph 35, "A rule type may organize policies into role policies", where 
the role (policy) [i.e. sen/ice abstraction layer] is replaced by Azarmi's feature set [i.e. 
role abstraction layer]). 

Regarding claims 27, See describes a system of controlling usage of network 
resources on a communication network, comprising: 

(A) creating one or more packet rules (policy rules) for analyzing packets 
received at one or more devices of the communication network, each rule including a 
condition and action to be taken if a packet received at a device satisfies the condition 
(fig. 4 and paragraph 35); 

See lacks what Azarmi describes: 

(B) creating one or more role abstractions (feature-describing data set), each role 
abstraction representing a role of a user with respect to the communications network 
(manageable aspect of the communications network), and each role abstraction 
including a set of one more packet rule (management rule profiles containing 
management rules) (col. 2, lines 42-51). 

It would have been obvious to one with ordinary skill in the art at the time of 
invention by applicant to specify the role abstraction layer to group the packet rules 
(layer). The motivation being that "It defines a structural architecture within which 



Application/Control Number: 1 0/071 ,228 Page 8 

Art Unit: 2616 

business processes, and therefore management systems required to provide services 
on a network", Azarmi, col. 2, lines 10-12. 

Regarding claim 28, See and Azarmi combined describes all limitations set forth 
in claim 27. See and Azarmi further describe: 

(C) configuring a network device of the communications network with one or 
more packet rules according to one of the role abstractions (See, paragraph 26, "The 
policy repository 22 stores a plurality of policy rules that may be used by the network 
devices 24, 26, 28 to control different network elements" and See, paragraph 38, "The 
action 58 may be identifying a policy group based on a device attribute.." where the 
policy group [I.e. sen/Ice abstraction layer] Is replaced by Azarmi' s feature set [I.e. role 
abstraction layer]). 

Regarding claim 29, See and Azarmi combined describe all limitations set forth 
in claim 28. See and Azarmi further describe step (C) of: 

configuring a port module of a switching device of the communications network 
with one or more packet rules according to at least one of the role abstractions (See, 
paragraph 22, "According to one embodiment, the network policies are used to .. 
disable network ports based on predetermined conditions", where the policy (group) [i.e. 
service abstraction layer] is replaced by Azarmi' s feature set [i.e. role abstraction layer]). 

Regarding claim 31, See and Azarmi combined describe all limitations set forth 
in claim 27. See and Azarmi further describe step (C) of: 

(C) distributing the one or more role abstractions to one or more network devices 
residing on the communications network (See, paragraph 30, "According to one 
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embodiment, the policies relevant to a particular network device 24, 26, 28 are selected 
based on a role assigned to the device" and See, paragraph 35, "A rule type may 
organize policies into role policies", where the role (policy) [i.e. sen/ice abstraction layer] 
is replaced byAzarmi's feature set [i.e. role abstraction layerj). 

Regarding claim 32, See and Azamni combined describe all limitations set forth 
In claim 27. See and Azarmi further describe: 

(C) associating one or more of the role abstractions with a user (computer host) 
of the communications network (paragraph 27, where network devices may be 
computer hosts, and paragraph 30, "According to one embodiment, the policies relevant 
to a particular network device 24, 26, 28 are selected based on a role assigned to the 
device" and paragraph 35, "A rule type may organize policies into role policies", where 
the role (policy) [i.e. service abstraction layer] is replaced byAzarmi's feature set [i.e. 
role abstraction layerj). 

4. Claims 10 and 30 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over See in view of Azarmi and further in view of Nessett. 

Regarding claim 10, See and Azarmi combined describe all limitations set forth 
in claim 8. See further describes that the network devices may be gateways devices 
such as hubs, bridges, routers, switches (paragraph 27). See and Azarmi lack what 
Nessett specifically describes: 
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configuring a firewall of a network device of the communications network with 
one or more packet rules according to at least one of the role abstractions (abstract, 
where the network devices incorporate firewall functionality). 

It would have been obvious to one with ordinary skill in the art at the time of 
invention by applicant to specify firewall (functionality) in network devices. The 
motivation being that firewall functionality is a common yet important aspect to an 
overall (private) network for security (Nessett, col. 2, lines 9-1 1 , "Traditionally, firewalls 
are implemented as border equipment, such as routers and application proxy gateways 
that protect a private network from external attack.) 

Regarding claim 30, See and Azarmi combined describe all limitations set forth 
in claim 28. See further describes that the networic devices may be gateways devices 
such as hubs, bridges, routers, switches (paragraph 27). See and Azarmi lack what 
Nessett specifically describes: 

configuring a firewall of a network device of the communications network with 
one or more packet rules according to at least one of the role abstractions (abstract, 
where the network devices incorporate firewall functionality). 

It would have been obvious to one with ordinary skill In the art at the time of 
invention by applicant to specify firewall (functionality) in network devices. The 
motivation being that firewall functionality is a common yet important aspect to an 
overall (private) networic for security (Nessett, col. 2, lines 9-11, "Traditionally, firewalls 
are implemented as border equipment, such as routers and application proxy gateways 
that protect a private network from external attack.) 
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5. Claims 13-18 and 25 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over See in view of Nessett. 

Regarding claims 13 and 25, See describes a system for controlling usage of 
network resources on a communications network, the system comprising: 

creating one or more packet rules for analyzing packets received at one or more 
devices of the communications network, each rule including a condition and action to be 
taken if a packet received at a device satisfies the condition; and 

creating one or more service abstractions, each service abstraction representing 
a named set of one or more of the packet rules. 

[assigning logic to] associate one or more of the service abstractions with a user 
(computer host) of the communications network (paragraph 27, where network devices 
may be computer hosts, which is a user of the communication network, and paragraph 
30, "According to one embodiment, the policies relevant to a particular network device 
24, 26, 28 are selected based on a role assigned to the device" and paragraph 35, "A 
rule type may organize policies into role policies"). 

See lacks what Nessett describes: 

a rule editing module [to create pack rules] (fig. 1 , security policy management 
back-end #32) and a service editing module [means to create service abstractions] (fig. 
1 , security policy language interpreter #34) 

It would have been obvious to one with ordinary skill in the art at the time of 
invention by applicant to specify respective editing modules to be used for creating the 
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packet rules and service abstractions as specified in See. The motivation for using 
separate modules in performing layered rules & service abstraction functionality is "As 
the partitioning becomes finer grained, access to resources outside of the firewall 
partition experiences increasing degraded perfomnance. Another approach to this 
problem is to distribute firewall functionality down into lower layers of the protocol 
hierarchy" (Nessett, col. 2, lines 51-56). 

Regarding claim 14, See and Nessett combined describe all limitations set forth 
in claim 13. See further describes: 

[logic to] configure a network device of the communications network with one or 
more packet rules according to at least one of the service abstractions (policy groups) 
(paragraph 26, "The policy repository 22 stores a plurality of policy rules that may be 
used by the network devices 24, 26, 28 to control different network elements" and 
paragraph 38, "The action 58 may be identifying a policy group based on a device 
attribute..") 

Regarding claim 15, See and Nessett combined describe all limitations set forth 
in claim 14. See further describes: 

[port configuration logic ] to configure a port module of a switching device with 
one or more packet rules according to at least one of the service abstractions 
(paragraph 22, "According to one embodiment, the network policies are used to .. 
disable networi( ports based on predetermined conditions,") 

Regarding claim 16, See and Nessett combined describe all limitations set forth 
in claim 14. Nessett further describes: 
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[firewall logic to] configure a firewall of a network device with one or more packet 
rules according to at least one of the service abstractions (abstract, where the network 
devices incorporate firewall functionality). 

Regarding claim 17, See and Nessett combined describe all limitations set forth 
in claim 13. See further describes: 

a distribution module (fig. 2, policy repository #20) to distribute the one or more 
service abstractions to one or more network devices residing on the communications 
network (paragraph 30, "According to one embodiment, the policies relevant to a 
particular network device 24, 26, 28 are selected based on a role assigned to the 
device" and paragraph 35, "A rule type may organize policies into role policies"). 

6. Claims 19-24 and 33-40 are rejected under 35 U.S.C. 1 03(a) as being 
unpatentable over See in view of Nessett and further in view of Azanni. 

Regarding claim 19, See and Nessett combined describe all limitations set forth 
in claim 1 3. See and Nessett lacks what Azanni describes: 

A role editing module (Nessett, fig. 1, front end #31) to create one or more role 
abstractions (feature-describing data set), each role abstraction representing a role of a 
user with respect to the communications network (manageable aspect of the 
communications network), and each role abstraction including a set of one more service 
abstractions (management rule profiles) (col. 2, lines 42-51). 

It would have been obvious to one with ordinary skill in the art at the time of 
invention by applicant to specify (another) role abstraction layer to group the (existing) 
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service abstraction layer. The nnotivation being that "It defines a structural architecture 
within which business processes, and therefore management systems required to 
provide services on a network", Azarmi, col. 2, lines 10-12. 

Regarding claim 20, See, Nessett and Azarmi combined describe all limitations 
set forth in claim 19. See, Nessett and Azamni further describe: 

[logic to] configure a network device with one or more packet rules according to 
one of the role abstractions (See, paragraph 26, "The policy repository 22 stores a 
plurality of policy rules that may be used by the network devices 24, 26, 28 to control 
different network elements" and See, paragraph 38, "The action 58 may be identifying a 
policy group based on a device attribute.." where the policy group [i.e. service 
abstraction layer] is replaced by Azarmi's feature set [i.e. role abstraction layer]). 

Regarding claim 21, See, Nessett and Azarmi combined describe all limitations 
set forth In claim 20. See, Nessett and Azanni further describe: 

[port configuration logic to] configure a port module of a switching device with 
one or more packet rules according to one of the role abstractions (See, paragraph 22, 
"According to one embodiment, the network policies are used to .. disable network ports 
based on predetermined conditions", where the policy (group) [i.e. service abstraction 
layer] is replaced by Azarmi's feature set [i.e. role abstraction layer]). 

Regarding claim 22, See, Nessett and Azanni combined describe all limitations 
set forth in claim 20. Nessett further describe: 
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[firewall logic to] configure a firewall of a network device with one or more packet 
rules according to one of the role abstractions (abstract, where the network devices 
incorporate firewall functionality). 

Regarding claim 23, See, Nessett and Azarmi combined describe ail limitations 
set forth in claim 19. See, Nessett and Azarmi further describe: 

a distribution module (See, fig. 2, policy repository #20) to distribute the one or 
more role abstractions to one or more network devices residing on the communications 
network (See, paragraph 30, "According to one embodiment, the policies relevant to a 
particular network device 24, 26, 28 are selected based on a role assigned to the 
device" and See, paragraph 35, "A rule type may organize policies into role policies", 
where the role (policy) [i.e. service abstraction layer] is replaced by Azarmi's feature set 
[i.e. role abstraction layer]). 

Regarding claim 24, See and Azarmi combined describe all limitations set forth 
in claim 19. See and Azanni further describe: 

[assigning logic to] assign one of the role abstractions to a [first] user (computer 
host) of the communications network (paragraph 27, where network devices may be 
computer hosts, and paragraph 30, "According to one embodiment, the policies relevant 
to a particular network device 24, 26, 28 are selected based on a role assigned to the 
device" and paragraph 35, "A rule type may organize policies into role policies", where 
the role (policy) [i.e. service abstraction layer] is replaced by Azarmi's feature set [i.e. 
role abstraction layer]). 
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Regarding claims 33 and 39-40, See describes a system of controlling usage of 
network resources on a communication network [official notice taken that the system 
may be implemented using a computer comprising a readable medium and a program 
with instructions which executes the process], comprising: 

creating one or more packet rules (policy rules) for analyzing packets received at 
one or more devices of the communication network, each rule including a condition and 
action to be taken if a packet received at a device satisfies the condition (fig. 4 and 
paragraph 35); 

See lacks what Azarmi describes: 

creating one or more role abstractions (feature-describing data set), each role 
abstraction representing a role of a user with respect to the communications network 
(manageable aspect of the communications network), and each role abstraction 
including a set of one more packet rule (management rule profiles containing 
management rules) (col. 2, lines 42-51). 

It would have been obvious to one with ordinary skill in the art at the time of 
invention by applicant to specify the role abstraction layer to group the packet rules 
(layer). The motivation being that "It defines a structural architecture within which 
business processes, and therefore management systems required to provide services 
on a network", Azarmi, col. 2, lines 10-12. 

See and Azarmi combined lack what Nessett describes: 



Application/Control Number: 10/071,228 Page 17 

Art Unit: 2616 

a rule editing module [to create pack rules] (fig. 1 , security policy management 
back-end #32) and a role editing module (Nessett, fig. 1, front end #31) [means to 
create role abstractions]. 

It would have been obvious to one with ordinary skill in the art at the time of 
invention by applicant to specify respective editing modules to be used for creating the 
packet rules and service abstractions as specified in See and Arzarmi. The motivation 
for using separate modules in performing layered rules & service abstraction 
functionality is "As the partitioning becomes finer grained, access to resources outside 
of the firewall partition experiences increasing degraded performance. Another 
approach to this problem is to distribute firewall functionality down into lower layers of 
the protocol hierarchy" (Nessett, col. 2, lines 51-56). 

Regarding claim 34, See, Nessett and Azarmi combined describe all limitations 
set forth in claim 33. See, Nessett and Azamii further describe: 

[logic to] configure a network device of the communications network with one or 
more packet rules according to one of the role abstractions (See, paragraph 26, "The 
policy repository 22 stores a plurality of policy rules that may be used by the network 
devices 24, 26, 28 to control different network elements" and See, paragraph 38, "The 
action 58 may be identifying a policy group based on a device attribute.." where the 
policy group [i.e. service abstraction layer] is replaced byAzarmi's feature set [i.e. role 
abstraction layer]). 

Regarding claim 35, See, Nessett and Azarmi combined describe all limitations 
set forth in claim 34. See, Nessett and Azanni further describe step (C) of: 
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[port configuration logic] to configure a port module of a switching device of the 
communications network with one or more packet rules according to at least one of the 
role abstractions (See, paragraph 22, "According to one embodiment, the network 
policies are used to .. disable network ports based on predetermined conditions", where 
the policy (group) [i.e. service abstraction layer] is replaced by Azarmi's feature set [i.e. 
role abstraction layer]). 

Regarding claim 36, See, Nessett and Azarmi combined describe all limitations 
set forth in claim 34. See, Nessett and Azarmi further describe: 

[firewall logic] to configure a firewall of a network device of the communications 
network with one or more packet rules (Nessett, abstract, where the network devices 
incorporate firewall functionality) [according to one of the role abstractions]. 

Regarding claim 37, See, Nessett and Azarmi combined describe all limitations 
set forth in claim 33. See, Nessett and Azarmi further describe step (C) of: 

a distribution module (See, fig. 2, #20) to distribute one or more role abstractions 
to one or more network devices residing on the communications network (See, 
paragraph 30, "According to one embodiment, the policies relevant to a particular 
network device 24, 26, 28 are selected based on a role assigned to the device" and 
See, paragraph 35, "A rule type may organize policies into role policies", where the role 
(policy) [i.e. service abstraction layer] is replaced by Azanni's feature set [i.e. role 
abstraction layer]). 

Regarding claim 38, See, Nessett and Azarmi combined describe all limitations 
set forth in claim 33. See, Nessett and Azarmi further describe: 
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[assigning logic to] assign one or more of tiie role abstractions with a user 
(computer host) of the communications network (paragraph 27, where network devices 
may be computer hosts, and paragraph 30, "According to one embodiment, the policies 
relevant to a particular network device 24, 26, 28 are selected based on a role assigned 
to the device" and paragraph 35, "A rule type may organize policies into role policies", 
where the role (policy) [i.e. sen/ice abstraction layer] is replaced by Azarmi's feature set 
[i.e. role abstraction layer]). 

7. Claim 26 is rejected under 35 U.S.C. 103(a) as being unpatentable over See. 

Regarding claim 26, See describes a system of controlling usage of network 
resources on a communication network, comprising: 

(A) creating one or more packet rules (policy rules) for analyzing packets 
received at one or more devices of the communications network, each rule including a 
condition and action to be taken if a packet received at a device satisfies the condition 
(fig. 4 and paragraph 35); 

(B) creating one or more service abstractions (policy groups), each service 
abstraction representing a named set of one or more of the packet rules (paragraph 35, 
"According to one embodiment, the policy rules are organized into policy groups based 
on a rule type 52". 

See lacks describing that a computer program product to perform the above- 
mention process, comprising: 
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a computer readable medium and computer readable signals stored on the 
computer readable medium that define Instructions that, as a result of being executed 
by a computer, instruct the computer to perform the process. 

The examiner takes official notice that the system of See may be implemented 
using a computer comprising a readable medium and a program with instructions which 
executes the process. The motivation being that such implementation using a [generic] 
computer may be more economical and faster to develop than via a customized 
hardware system. 



Response to Arguments 

8. Applicant's arguments filed on April 13, 2006 have been fully considered but they 
are not persuasive. 

On p. 10, lines 11-24, as well as on p. 12, lines 10-25, p. 13, lines 4-1 8, p. 15, 
lines 10-23 and p. 17, lines 1 1-32, the applicant argues that the reference of See fails to 
associate one or more service abstraction with a user of the communication network, 
and that a user is not the same as a host computer/device. The examiner respectfully 
disagrees. 

The examiner cited that the network devices may be network end-stations such 
as computer hosts which are controlled by one or more polic(ies)/rule(s) (See, 
paragraphs 21 & 27). From fig. 4 & paragraph 35, It is noted that the policies/rules are 
grouped into types (service abstractions). 
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The examiner further amended the above rejections of claims 1 and 1 3 to explain 
that computer hosts (i.e. network end-stations) is considered as "a user of the 
communications networks" of the claimed invention. From the rule type and the 
condition columns of table of fig. 4, one with ordinary skill of art can understand that the 
reference of See associates a user (person) to a [operating on a] network device having 
certain privileges (rules). 

On p. 13, lines 29-31, as well as on p. 16, lines 22-32, the applicant argues that 
See and Azarmi combined fail to describe rules and role abstractions of claim 27. The 
examiner respectfully disagrees. 

The examiner cited in this and the last Office action that See describes the use of 
different rules (role for analyzing packets) for different levels of network usage/network 
control of a network device (user), including the corresponding conditions and actions to 
be taken as per claim limitations (See, fig. 4 & paragraph 35). Azamii describes the 
concept of multi-layered topology for network management, comprising management 
(packet) rules grouped by a feature-describing (role abstraction) layer. Hence, in 
combination. See and Azarmi describes all limitations set forth in claim 27. 

The above responses also addressed the argued dependent claims, which rely 
on the arguments to the independent claims. 

Hence, the grounds of rejection are sustained. 
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Conclusion 

9. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure: Herzog (US 2002/0016840), Peterka (US 2003/0200313) and 
Lortz (US 6.957,261). 

1 0. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Warner Wong whose telephone number is 571-272- 
8197. The examiner can normally be reached on 6:30AM - 3:00PM, M-F. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ricky Ngo can be reached on 571-272-3139. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status infomiatlon for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status infomnation for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



Warner Wong 
Examiner 
Art Unit 2616 
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